Jackson's comments, commiserations, confabulations and simplifications on identity management and Microsoft's Active Directory all based on his continuous "reality tour" of meetings with customers, ISVs and Microsoft.

Tuesday, January 27, 2009

Managing the Mac with Group Policy and Preference Manifests

A few weeks ago I posted about how we are doing more and more work with Apple's Mac OS X. This is a follow-on post to that one...

Quest Authentication Services (QAS) version 3.5 includes new support for managing Mac OS X systems and applications through Microsoft's Group Policy. One unique aspect of this functionality is the ability to manage Mac applications using preference manifest files. Preference manifest files provide a standard way to expose application settings to centralized management systems like Workgroup Manager. Apple provides preference manifest files for all of the Mac's configurable system settings. Apple encourages 3rd party software developers - like Quest - to provide preference manifest files with their applications.

QAS leverages this infrastructure to allow you to manage Mac-specific settings centrally in Microsoft Group Policy. Using the Microsoft Group Policy Management Console editor, you can configure Mac application settings which are applied using the Group Policy framework built-in to QAS. The graphic below shows all of the preference manifest policies that ship with QAS by default.

Each policy is configurable according to the settings described in the preference manifest file. For example, the preference manifest for Screen Saver exposes the six settings shown in the next graphic below. In this example, Screen Saver has been configured to require a password. When this GPO is applied to a Mac system running QAS, the configuration will be propagated to the Managed Client application which will reconfigure Screen Saver to prompt for a password.

QAS uses the information in the preference manifest to produce an appropriate user interface to configure each setting. Additional preference manifest files can be loaded into the Group Policy Management Editor at runtime allowing you to customize the set of policies.

Some applications, such as Microsoft Office for Mac, do not provide preference manifest files. However, since preference manifest files follow a simple XML format it is easy to create or customize them. As an example of custom preference manifest files, QAS comes with a set of preference manifests for managing Microsoft Office. Some of the settings for Microsoft Word which can be configured with QAS are shown below.

Using custom preference manifests, you can manage an unlimited number of applications and settings on the Mac. Support for preference manifest files is a unique feature of QAS demonstrating the commitment to standards-based interoperability that has always been at the core of Quest Authentication Services.

We've had awesome customer interest in the way that we're supporting Apple's preference manifest files due to the flexibility it enables. It seems like we've struck a chord. If you're interested in more information about preference manifest files can be found on Apple's developer website here.

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not represent those of my employer or anyone else for that matter. View this blog's privacy policy here.16 CFR § 255.5 disclosure: I am an employee of Quest Software.